CVE-2017-12190

Published: Nov 22, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.

Vendor: n/a

Product: Linux kernel through v4.14-rc5

Versions: affected, Linux kernel through v4.14-rc5

Weaknesses (CWE)
